Tracked, Hacked, and Attacked: How to Stay Safe in the Digital World

Audience: Middle School and High School Students

Introduction

What would you do if you woke up and, suddenly, your phone and all your socials were wiped? In other words, your online presence ceased to exist. That’s what cybersecurity helps protect against. So what is cybersecurity and why do we need it? Cybersecurity protects technology by using tools like encryption, passwords, and firewalls to keep personal information safe from online threats and hackers. We need cybersecurity because as we live in a world where many important services have become digitized; we need to make sure our conversations, money, and personal information are not at risk of being leaked, which could lead to potential harm.

History Timeline

Let’s begin with a timeline of cyber attacks. One of the first ones happened in 1988, called Morris Worm. It was one of the first internet worms and was created on November 2, 1988 by Robert Tappan Morris. It slowed thousands of systems and Morris was eventually convicted of violating the computer Fraud and Abuse Act. This mattered because it was the first worm that caused a major disruption, and it exposed technological vulnerabilities. This could have been prevented by monitoring networks, limiting self-replicating code, and the implementation of permission safeguards. In addition, the ILOVEYOU virus launched through email on May 4th, 2000. It infected millions of computers, causing a lot of damage. This virus spreads by taking advantage of user curiosity. It sent out thousands of emails asking users to click on the love letter file attached, but instead, the file downloaded the virus. It mattered because it disturbed large governments and organizations. It could have been prevented by educating users on what a scam/threat can look like, and through proper email filtering. Lastly, another widespread and critical cyber attack was the Target data breach in 2013. The information in over 40 million credit and debit cards were stolen by hackers. It happened because hackers were able to enter through a vendor with weak security, there was no multi-factor authentication. It mattered because it highlighted vulnerability in the digital market, and led to many changes in online protocol. This could have been prevented with strong security protocols and the use of multi-factor authentication. 

Types of Cyber Attacks

Now, let’s learn about common types of cyber attacks, and a brief explanation of each, to help increase awareness. First up, malware includes software like viruses, worms, and spyware created to take over systems, and damage and steal data. Second, phishing is sending fake texts, emails, or voice messages pretending to be a trusted source, often offering “money” in exchange for credentials or malware downloading. Third, ransomware (under the general category of malware) encrypts important systems and files and demands a “ransom” (usually money) for the files to be decrypted and returned back to normal. Fourth, SQL Injection is when hackers “inject” malicious SQL into websites to steal and/or manipulate data. Fifth, Cross-Site Scripting (XSS) is when hackers embed malicious malware in web pages, which runs in the background when the user is on the webpage, allowing for personal info and cookies to be leaked. Sixth, Supply Chain attacks are similar to the Target data breach, where online vendors are breached by hackers, allowing them to steal private customer information. Seventh, Social Engineering is similar to the ILOVEYOU virus, where hackers pretend to be someone else to trick victims into downloading malware or giving out personal information. Finally, Insider Threats are when employees or insiders on a secured system give out personal or company information in exchange for something valuable to them like money.

How Cybersecurity Works and Careers

Cybersecurity works by enabling tactics like encryption, firewalls, MFA (multi factor authentication), anti-malware software, secure network protocols, etc, to help protect users from hackers. Encryption “encrypts” data into unreadable code, unless they have the “key” to unencrypt the data. This prevents them from reading or using your data, even if it was stolen, as long as they don’t have the “key”. Firewalls filter incoming or leaving traffic in and out of a network based on security rules. This way, malicious traffic can be blocked before it reaches any users or networks. MFA adds extra layers of security to a login on an account. For example, a fingerprint is needed, or a code sent by email needs to be entered. So even if your password is stolen, the hacker can’t login, because they don't have the second step in authentication. Anti-malware software scans the system for anything suspicious (malware or malicious programs and removes them, which protects your device from being hacked). Secure network protocols encrypt your connection to the website. Oftentimes, many website links begin with HTTPS (the S stands for secure). With this, internet activity is private and safe. Since cybersecurity is so vast, there are also many careers, including: ethical hackers, security analysts, security engineers. Ethical hackers break into systems on purpose, find vulnerabilities, and fix them, before hackers find out. Security Analysts watch over networks for threats, look into incidents, and help strengthen an organization's online defense. Security Engineers create the structure that protects data and systems. They create defense mechanisms and do a lot of high-level work.

The Role of AI and How to Protect Your Digital Identity

AI also plays a big role in cybersecurity. For example AI can spot abnormal activity, instantly block traffic, scan systems for weak points, analyze email content, etc, to help users stay protected online. Additionally, it tends to be more thorough than the human eye, making it a big help. Now let’s discuss how to protect your digital identity. You can create unique passwords, turn on MFA, limit your online footprint, educate yourself on what could be potential phishing, use a VPN, delete unused accounts, and double check privacy settings regularly. 

Conclusion

In conclusion, the future of cybersecurity remains positive, with the additional help of AI and growing knowledge of how to stay safe on the internet. Don’t live in fear though: by following safe steps and staying educated, you can protect your digital identity and information. However, it’s important to always try and stay one foot ahead of hackers and trackers.

Bibliography

IBM. Cybersecurity: Definition, Importance, and Future. IBM,

https://www.ibm.com/think/topics/cybersecurity.

GeeksforGeeks. “What Is Cyber Security?” GeeksforGeeks,

https://www.geeksforgeeks.org/ethical-hacking/what-is-cyber-security/.

Spafford, Eugene H. The Internet Worm Program: An Analysis. MIT CSAIL,

https://groups.csail.mit.edu/mac/classes/6.805/articles/morris-worm.html.

Spafford, Eugene H. The Internet Worm Program: An Analysis. University of Maryland,

https://www.cs.umd.edu/class/fall2019/cmsc818O/papers/morris-worm.pdf.

Sec-Tech. “The Story of the ILOVEYOU Virus.” Sec-Tech,

https://sec-tech.org/the-story-of-the-i-love-you-virus/.

Kaspersky. “Cybersecurity History: The Story of ILOVEYOU.” Kaspersky Daily,

https://www.kaspersky.com/blog/cybersecurity-history-iloveyou/45001/.

Red River. “Target Data Breach: What Happened and What Businesses Can Learn.” Red River,

https://redriver.com/security/target-data-breach.

Mohurle, Sunil, and B.B. Patil. “A Brief Study of Wannacry Threat: Ransomware Attack 2017.” arXiv, 16 Jan. 2017, 

https://arxiv.org/pdf/1701.04940.

Built In. “20 Types of Cyberattacks + Examples.” Built In,

https://builtin.com/articles/types-of-cyber-attacks.

IBM. What Is Encryption? IBM, 

https://www.ibm.com/think/topics/encryption.

Cisco. “What Is a Firewall?” Cisco,

https://www.cisco.com/site/us/en/learn/topics/security/what-is-a-firewall.html.

Microsoft. “Multifactor Authentication (MFA): Why It’s Important and How It Works.” Microsoft Security Blog, 4 Mar. 2021,

https://www.microsoft.com/en-us/security/blog/2021/03/04/multifactor-authentication-mfa-why-its-important-and-how-it-works/.

Norton. “What Is Malware?” Norton, 

https://us.norton.com/blog/malware/what-is-malware.

Cloudflare. “What Is HTTPS?” Cloudflare, 

https://www.cloudflare.com/learning/ssl/what-is-https/.

CrowdStrike. “What Is an Ethical Hacker?” CrowdStrike,

https://www.crowdstrike.com/en-us/cybersecurity-101/exposure-management/ethical-hacker/.

Digital Guardian. “What Is a Security Analyst? Responsibilities, Qualifications and More.” Digital Guardian,

https://www.digitalguardian.com/resources/knowledge-base/what-security-analyst-responsibilities-qualifications-and-more.

Coursera. “What Is a Security Engineer?” Coursera,

https://www.coursera.org/articles/what-is-a-security-engineer.

Zscaler. “What Is Artificial Intelligence (AI) in Cybersecurity?” Zscaler,

https://www.zscaler.com/zpedia/what-is-artificial-intelligence-ai-in-cybersecurity?utm_source=chatgpt.com.

CyFox. “Role of Artificial Intelligence in Cybersecurity.” CyFox Security Blog,

https://www.cyfox.com/blog-posts/role-of-artificial-intelligence-in-cybersecurity?utm_source=chatgpt.com.

MailGuard. “5 Tips to Help Protect Your Digital Identity.” MailGuard Blog,

https://www.mailguard.com.au/blog/5-tips-to-help-protect-your-digital-identity?utm_source=chatgpt.com.